Ubuntu
puppet package

  1. Bug #1020067
  2. Comment #3

Comment 3 for bug 1020067

Revision history for this message
ICT (oliver-weinmann-6) wrote : Re: Ubuntu 12.04 resolving hangs when querying AAAA records against BIND (Ubuntu 10.04) DNS servers

Hi,

** What is the exact tcpdump line you used? **

I run the following tcpdump client on the client:

**

I run nslookup gedaspw02 (gedaspw02 is a host on our local network) on the client and I do get a response:

root@ubuntu12043:/lhome/ict# nslookup gedaspw02
Server: 172.28.16.11
Address: 172.28.16.11#53

Non-authoritative answer:
Name: gedaspw02.a.space.corp
Address: 172.28.4.12

The corresponding tcpdump snippet:

root@ubuntu12043:/lhome/ict# tcpdump -i eth0 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
08:14:21.949355 IP 172.28.19.52.33205 > gedapvl01.a.space.corp.domain: 58103+ A? gedaspw02.a.space.corp. (40)
08:14:21.949683 IP 172.28.19.52.34745 > gedapvl01.a.space.corp.domain: 64598+ PTR? 11.16.28.172.in-addr.arpa. (43)
08:14:21.951179 IP gedapvl01.a.space.corp.domain > 172.28.19.52.33205: 58103 1/0/0 A 172.28.4.12 (56)
08:14:21.951191 IP gedapvl01.a.space.corp.domain > 172.28.19.52.34745: 64598 1/0/0 PTR gedapvl01.a.space.corp. (79)
08:14:21.951289 IP 172.28.19.52.53705 > gedapvl01.a.space.corp.domain: 10253+ PTR? 52.19.28.172.in-addr.arpa. (43)
08:14:21.952504 IP gedapvl01.a.space.corp.domain > 172.28.19.52.53705: 10253 NXDomain 0/1/0 (112)

When I start puppet, the startup is extremely slow, which lead me to the assumption that something with DNS is not working correctly. Here is the tcpdump snippet when running puppet:

08:17:08.497093 IP gedapvl01.a.space.corp.domain > 172.28.19.52.36834: 6015 2/0/0 A 91.189.95.55, A 91.189.95.54 (66)
08:17:09.775535 IP 172.28.19.52.56145 > gedapvl01.a.space.corp.domain: 44576+ AAAA? puppet.a.space.corp. (37)
08:17:09.776626 IP gedapvl01.a.space.corp.domain > 172.28.19.52.56145: 44576 0/1/0 (94)
08:17:09.776719 IP 172.28.19.52.43018 > gedapvl01.a.space.corp.domain: 28254+ AAAA? puppet. (24)
08:17:14.782915 IP 172.28.19.52.52767 > gedappl01.a.space.corp.domain: 28254+ AAAA? puppet. (24)
08:17:14.783060 IP 172.28.19.52.60943 > gedapvl01.a.space.corp.domain: 35223+ PTR? 13.16.28.172.in-addr.arpa. (43)
08:17:14.784074 IP gedapvl01.a.space.corp.domain > 172.28.19.52.60943: 35223 1/0/0 PTR gedappl01.a.space.corp. (79)
08:17:16.402411 IP 172.28.19.52.54017 > gedapvl01.a.space.corp.domain: 24380+ A? daisy.ubuntu.com. (34)
08:17:16.426397 IP gedapvl01.a.space.corp.domain > 172.28.19.52.54017: 24380 2/0/0 A 91.189.95.55, A 91.189.95.54 (66)
08:17:19.786837 IP 172.28.19.52.43018 > gedapvl01.a.space.corp.domain: 28254+ AAAA? puppet. (24)

It gets stuck when trying to resolve AAAA puppet.

** Could you please attach /etc/resolv.conf from the machine running puppet? **

root@ubuntu12043:/lhome/ict# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 172.28.16.11
nameserver 172.28.16.13
search a.space.corp

The client is setup using DHCP.

** You say that the problem goes away when querying your Windows DNS servers directly. Could you please post an equivalent tcpdump for comparison? **

The same client using a windows DNS Server:

08:22:01.358496 IP gedaspw02.a.space.corp.domain > 172.28.19.52.42037: 34015* 0/1/0 (94)
08:22:01.358589 IP 172.28.19.52.49655 > gedaspw02.a.space.corp.domain: 14368+ AAAA? puppet. (24)
08:22:01.359085 IP gedaspw02.a.space.corp.domain > 172.28.19.52.49655: 14368 ServFail 0/0/0 (24)
08:22:01.359167 IP 172.28.19.52.38121 > gedaspw02.a.space.corp.domain: 14368+ AAAA? puppet. (24)
08:22:01.359589 IP gedaspw02.a.space.corp.domain > 172.28.19.52.38121: 14368 ServFail 0/0/0 (24)
08:22:01.359658 IP 172.28.19.52.39728 > gedaspw02.a.space.corp.domain: 13331+ A? puppet.a.space.corp. (37)
08:22:01.360077 IP gedaspw02.a.space.corp.domain > 172.28.19.52.39728: 13331* 1/0/0 A 172.28.16.12 (53)
08:22:01.381766 IP 172.28.19.52.40781 > gedaspw02.a.space.corp.domain: 10292+ AAAA? puppet.a.space.corp. (37)
08:22:01.382229 IP gedaspw02.a.space.corp.domain > 172.28.19.52.40781: 10292* 0/1/0 (94)
08:22:01.382324 IP 172.28.19.52.57552 > gedaspw02.a.space.corp.domain: 63628+ AAAA? puppet. (24)
08:22:01.382705 IP gedaspw02.a.space.corp.domain > 172.28.19.52.57552: 63628 ServFail 0/0/0 (24)
08:22:01.382778 IP 172.28.19.52.53545 > gedaspw02.a.space.corp.domain: 63628+ AAAA? puppet. (24)
08:22:01.383204 IP gedaspw02.a.space.corp.domain > 172.28.19.52.53545: 63628 ServFail 0/0/0 (24)
08:22:01.383311 IP 172.28.19.52.44176 > gedaspw02.a.space.corp.domain: 14360+ A? puppet.a.space.corp. (37)
08:22:01.383702 IP gedaspw02.a.space.corp.domain > 172.28.19.52.44176: 14360* 1/0/0 A 172.28.16.12 (53)
08:22:01.910869 IP 172.28.19.52.42662 > gedaspw02.a.space.corp.domain: 29987+ A? gedainst.a.space.corp. (39)
08:22:01.911367 IP gedaspw02.a.space.corp.domain > 172.28.19.52.42662: 29987* 2/0/0 CNAME qnap-01.a.space.corp., A 172.28.4.104 (77)
08:22:01.911511 IP 172.28.19.52.45116 > gedaspw02.a.space.corp.domain: 14736+ A? gedainst.a.space.corp. (39)
08:22:01.911968 IP gedaspw02.a.space.corp.domain > 172.28.19.52.45116: 14736* 2/0/0 CNAME qnap-01.a.space.corp., A 172.28.4.104 (77)
08:22:05.138105 IP 172.28.19.52.45117 > gedaspw02.a.space.corp.domain: 47727+ A? gedainst.a.space.corp. (39)
08:22:05.138707 IP gedaspw02.a.space.corp.domain > 172.28.19.52.45117: 47727* 2/0/0 CNAME qnap-01.a.space.corp., A 172.28.4.104 (77)
08:22:05.138850 IP 172.28.19.52.50431 > gedaspw02.a.space.corp.domain: 12931+ A? gedainst.a.space.corp. (39)
08:22:05.139323 IP gedaspw02.a.space.corp.domain > 172.28.19.52.50431: 12931* 2/0/0 CNAME qnap-01.a.space.corp., A 172.28.4.104 (77)
08:22:06.020444 IP 172.28.19.52.44044 > gedaspw02.a.space.corp.domain: 46259+ PTR? 0.0.0.0.in-addr.arpa. (38)
08:22:06.021940 IP gedaspw02.a.space.corp.domain > 172.28.19.52.44044: 46259 NXDomain* 0/1/0 (121)
08:22:06.233766 IP 172.28.19.52.44316 > gedaspw02.a.space.corp.domain: 11411+ AAAA? puppet.a.space.corp. (37)
08:22:06.234393 IP gedaspw02.a.space.corp.domain > 172.28.19.52.44316: 11411* 0/1/0 (94)
08:22:06.234492 IP 172.28.19.52.42124 > gedaspw02.a.space.corp.domain: 34880+ AAAA? puppet.a.space.corp.a.space.corp. (50)
08:22:06.234948 IP gedaspw02.a.space.corp.domain > 172.28.19.52.42124: 34880 NXDomain* 0/1/0 (119)
08:22:06.235054 IP 172.28.19.52.49220 > gedaspw02.a.space.corp.domain: 50418+ A? puppet.a.space.corp. (37)
08:22:06.235527 IP gedaspw02.a.space.corp.domain > 172.28.19.52.49220: 50418* 1/0/0 A 172.28.16.12 (53)

Here I do get a servfail when the client queries for AAAA puppet. The BIND servers are setup as forwarders.

Regards,
Oliver